Last active
September 12, 2023 06:44
【多分わかりやすいサーバーレスアーキテクチャ入門 〜 「Azure Functions」を使って、クラウドネイティブなLINE風チャットアプリを作ろう!!】 〜 API Managementのポリシー
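<policies>
    <inbound>
        <!--
            CORS settings that let the Angular front end call the Azure Functions API through this gateway.
            Credentials are allowed and a single explicit origin is listed.
            NOTE(review): methods, request headers and exposed headers are all wildcards; consider
            listing only what the front end actually uses.
        -->
        <cors allow-credentials="true">
            <allowed-origins>
                <!-- Placeholder: replace with the URL (origin) of the Azure App Service that hosts the front end. -->
                <origin>[Azure App ServiceのURL]</origin>
            </allowed-origins>
            <allowed-methods>
                <method>*</method>
            </allowed-methods>
            <allowed-headers>
                <header>*</header>
            </allowed-headers>
            <expose-headers>
                <header>*</header>
            </expose-headers>
        </cors>
        <!--
            Answer 401 "Unauthorized" unless the Authorization header carries a Bearer token that is
            signed, has an expiration time, and matches the issuer and audience listed below.
            clock-skew is 0, so no tolerance is given for clock drift between issuer and gateway.
        -->
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true" clock-skew="0">
            <!-- Yahoo! JAPAN OpenID Connect discovery document. -->
            <openid-config url="https://auth.login.yahoo.co.jp/yconnect/v2/.well-known/openid-configuration" />
            <issuer-signing-keys>
                <!--
                    Base64-encoded secret obtained from the Yahoo! settings screen (XXXXXX is a placeholder).
                    This value is a credential: keep the real one out of source control and policy exports,
                    and prefer an API Management named value stored as a secret or backed by Key Vault
                    over an inline literal.
                    NOTE(review): openid-config above is also present; confirm this shared-secret key is
                    still required, since presumably any configured key can satisfy signature validation.
                -->
                <key>XXXXXX</key>
            </issuer-signing-keys>
            <audiences>
                <!-- Client ID obtained from the Yahoo! settings screen (XXXXXX is a placeholder). -->
                <audience>XXXXXX</audience>
            </audiences>
            <issuers>
                <issuer>https://auth.login.yahoo.co.jp/yconnect/v2</issuer>
            </issuers>
        </validate-jwt>
        <!--
            Copy the Yahoo! account user identifier from the ID token's sub claim into the x-yahoo-uid header.
            exists-action is override, so an x-yahoo-uid value sent by the client is replaced, not forwarded.
            NOTE(review): the backend can rely on this header only if it is reachable solely through this
            gateway (confirm the Functions app is not directly exposed), and it should treat an empty
            x-yahoo-uid as unauthenticated.
        -->
        <set-header name="x-yahoo-uid" exists-action="override">
            <value>@{
                // Parsing only: signature, expiry, issuer and audience are enforced by validate-jwt above,
                // so this element has to stay after it in the inbound section.
                var authorization = context.Request.Headers.GetValueOrDefault("Authorization", "");
                if (!(authorization?.Length > 0))
                {
                    return "";
                }

                // Expect exactly two space-separated parts: the scheme and the token.
                // Ordinal comparison: the scheme is a protocol token, not linguistic text.
                string[] parts = authorization.Split(' ');
                if (parts?.Length != 2 || !parts[0].Equals("Bearer", StringComparison.OrdinalIgnoreCase))
                {
                    return "";
                }

                // Empty string when the token cannot be parsed or carries no sub claim.
                Jwt token;
                return parts[1].TryParseJwt(out token)
                    ? token.Claims.GetValueOrDefault("sub", "")
                    : "";
            }</value>
        </set-header>
    </inbound>
    <backend>
        <forward-request />
    </backend>
    <outbound />
    <on-error>
    </on-error>
</policies>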